Audit of The APPCO. Volume 8: Critical Asset for People


Upload: candace-norris

Post on 28-Dec-2015


AUDIT OF THE APPCO

VOLUME 8: CRITICAL ASSET FOR PEOPLE

PEOPLE

CEO Assistant. Project Manager. Requirements Manager. Requirements Engineer. Design Manager. Graphic Designer. Software Architect. Scrum Master. Developers.

CRITICAL PEOPLE.

CEO. Project Manager. Quality Manager. Administration Manager. Marketing Manager.

Administration, SCRUM, usability, CMMI, MoProSoft, technical and client attention KNOWLEDGE.

ABSENCE OF PEOPLE.

KEY PEOPLE TAKING A TEMPORARY ABSENCE.

KEY PEOPLE LEAVING THE ORGANIZATION PERMANENTLY.

THREATS AFFECTING A THIRD-PARTY OR SERVICE PROVIDER.

GOOD THINGS

The APPCO has well-established teamwork.

The APPCO has a plan for what to do if an employee doesn't come to work.

BAD THINGS.

Doesn't have well-established functions for all the employees.

Doesn't mention employees of the Administration, Marketing, Call Center and Quality areas.

Doesn't mention how many employees the company has.

Doesn't have enough workers if an absence problem occurs.

Most of the employees are area managers, so if one of these people doesn't come to work, that area is almost useless.

RECOMMENDATIONS.

Keep the absence and team plans. Determine a specific number of employees. Establish the tasks of ALL the employees of ALL areas. Contemplate employees for client attention.

VOLUME 5: CRITICAL ASSET FOR INFORMATION

CRITICAL INFORMATION.

Client information. Finance information. Project information.

Requirements engineer. SCRUM team. Usability. Accountants*

NETWORK ACCESS INFORMATION

GOOD POINTS.

The company has a privacy policy.

BAD POINTS.

There are no rules for restricting information.

It is not well established who uses the internal information.

There is no protection for the information against external people.

RECOMMENDATIONS

Stipulate who uses and protects the information.

Implement user privileges to access the information.

HUMAN ACTORS USING PHYSICAL ACCESS.

BAD POINTS

The company doesn’t have physical restrictions (site, equipment, computers…).

The company doesn’t have security against external people.

The company doesn’t have insurance in case of robbery.

RECOMMENDATIONS.

The company should restrict some areas for external and internal people.

The company should improve its security using security systems or people.

SYSTEM PROBLEMS

GOOD THINGS. The company has plans for loss of information and for infrastructure problems.

BAD THINGS. It is not established who is going to attend to a problem.

RECOMMENDATIONS

There are not sufficient security standards if a system fails.

There are not enough people to take care of the problems.

OTHER PROBLEMS

GOOD POINTS. The company has a plan in case of infrastructure problems.

The company has established default configurations.

OTHER PROBLEMS

BAD POINTS

The company doesn’t have an emergency power supply.

The company doesn’t have a plan or insurance in case of natural disasters.

RECOMMENDATIONS

The company should sign up for an insurance service.

The company should make a natural disaster plan.

The company should consider an emergency power supply.